Tag Archives: security

Security release for Joomla!

Yesterday (13th December) Joomla! released a security update. This update fixes a vulnerability that is present in most Joomla! sites, affecting Joomla! 1.6.0 through 3.6.4. Besides this high priority bug, two low priority bugs are fixed as well. Also some security hardening has been done, and some bugs have been fixed with this release. It is recommended to update your… Read more »

Multiple Joomla! (<3.6.4) vulnerabilities fixed

Less than two days ago a security update for Joomla! was released. This release fixes two major security issues. Inadequate checks allow users to register on a site when registration has been disabled (report on Joomla.org). Incorrect use of unfiltered data allows users to register on a site with elevated privileges (report on Joomla.org). If you are using… Read more »

Developers: please use sslverify = true

WordPress is often used to talk to external gateways or APIs. Especially now, with the rising popularity of the REST API, WordPress is getting more and more ready to talk to the outside world. A fairly common practice is to set sslverify = false when you’re using functions like wp_remote_get() or wp_remote_post(). Even though this was common practice… Read more »

POODLE-bug – what can you do?

Right now a bug in SSL poses a risk for users sending information over a supposedly secure connection. I won’t describe the bug in detail, but the short version is that it allows an attacker to force a site visitor back to the insecure SSL 3.0 protocol. Combine this with a man-in-the-middle (MitM) attack and you can guess where this is going… Read more »